30368 matches found
Security update for xkbcomp
This update for xkbcomp fixes the following issues: CVE-2018-15863: NULL pointer dereference triggered by a crafted keymap file with a no-op modmask expression can lead to a crash bsc1105832. CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkbinternat...
firefox security update
140.4.0-4.0.1 - Update to 140.4.0 ESR Orabug: 38595697 CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715...
CVE-2025-14660 DecoCMS Mesh Workspace Domain api.ts createTool access control
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
CVE-2025-43482
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service...
[Updated] Another Chrome zero-day under attack: update now
Google issued an extra patch for a security vulnerability in Chrome that is being actively exploited, and it's urging users to update. The patch fixes three flaws in Chrome, and for one of them Google says an exploit already exists in the wild. Chrome is by far the world’s most popular browser,...
EulerOS 2.0 SP11 : cmake (EulerOS-SA-2025-2457)
According to the versions of the cmake packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file...
CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where, during the user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...
Security update for fontforge
This update for fontforge fixes the following issues: CVE-2025-50949: Fixed a memory leak in the DlgCreate8 function. bsc1252652 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
Impact: Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...
GHSA-9XC6-C2RM-F27P XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
Impact: Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...
ROOT-OS-DEBIAN-11-CVE-2025-13601 CVE-2025-13601 in rootio-glib2.0 - Patched by Root
Root has patched CVE-2025-13601 in the rootio-glib2.0 package for Root:Debian:11. Multiple fixed versions available...
CVE-2025-9571
CVE-2025-9571 is a remote code execution vulnerability in Google Cloud Data Fusion. An attacker with permission to upload artifacts to a Data Fusion instance can execute arbitrary code in the core AppFabric component, potentially gaining control of the Data Fusion instance and leading to unauthor...
SUSE CVE-2022-50648
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller Naveen reported recursive locking of direct_mutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...
Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled, i.e. there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
CVE-2025-66479
Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the...
WordPress Login Security, FireWall, Malware removal by CleanTalk plugin <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability
Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability discovered by shark3y in WordPress Plugin Security & Malware scan by CleanTalk (versions <= 2.168)...
PT-2025-50208
Name of the Vulnerable Software and Affected Versions: HP System Event Utility versions prior to 3.2.12; Omen Gaming Hub versions prior to 1101.2511.101.0. Description: The HP System Event Utility and Omen Gaming Hub software may permit the execution of files outside of designated restricted paths...
UBUNTU-CVE-2025-40291
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...
WordPress Funnel Builder by FunnelKit plugin <= 3.13.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit (versions <= 3.13.1.2)...
CVE-2025-14116
CVE-2025-14116 affects xerrors Yuxi-Know up to 0.4.0. The vulnerability is in the function OtherEmbedding.aencode in /src/models/embed.py; manipulating the health_url argument can lead to server-side request forgery (SSRF). Exploitation is possible remotely, and an exploit is publicly available. ...